Posted to user@guacamole.apache.org by DM...@simard.ca on 2020/03/27 16:57:12 UTC
TOTP Reset
I was wondering if anyone else has some better ways to find and reset
their TOTP users, other than just deleting them, i.e. someone lost/broke a
phone. For now it seems there is no interface to do this (1.0.0).
This is what I have been doing, any better ways? This is with the TOTP
plugin and MySQL database.
1) - Find out the user_id of the person in question. Since I guess I don't
have 10000 users this seems OK. It's a report that shows the name and user
id along with if they are disabled and if they have enrolled yet or never
even tried (NULL). This is good to know if a bunch of users have not
bothered yet, as until they enroll the account is open to hack. (Forgive
the messy MySQL.)
    select t1.name, t2.user_id, t3.attribute_name, t3.attribute_value,
           t2.disabled
    from guacamole_entity t1, guacamole_user t2
         left join guacamole_user_attribute t3 on t2.user_id = t3.user_id
    where t1.entity_id = t2.entity_id
      and (t3.attribute_name = 'guac-totp-key-confirmed'
           or t3.attribute_name IS NULL);
2) - Update the Confirmed parameter so it prompts again. Not sure if this
is the best way. Maybe it still means their 'codes' will be the same as
before. It's probably best to also erase the secret key part but I don't
do that here yet.
    update guacamole_user_attribute
    set attribute_value = 'false'
    where attribute_name = 'guac-totp-key-confirmed' and user_id = 2;
    -- and that should end up with 1 row only changed!
""
Query OK, 1 row affected (0.03 sec)
Rows matched: 1 Changed: 1 Warnings: 0
""
and I guess you could do this before and after to see the changes...
    select * from guacamole_user_attribute where user_id = 2;
/danielm
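
Added example, not part of the original post: a reset that also removes the stored secret, which step 2 above mentions but does not do, so a lost or stolen phone's old key stops being usable. It assumes the TOTP extension keeps its secret in the `guac-totp-key-secret` attribute (a name not shown in the post) and generates a fresh key at the next login when that attribute is absent; `jdoe` is a constructed username.

```sql
-- Added example: full TOTP reset for one user on the MySQL schema from the post.
-- Assumptions: 'jdoe' is a constructed username; 'guac-totp-key-secret' is the
-- attribute holding the enrolled key (not shown in the original post).

START TRANSACTION;

-- Resolve user_id from the login name instead of typing a number by hand.
SET @uid = NULL;
SELECT u.user_id INTO @uid
FROM guacamole_entity e
JOIN guacamole_user u ON u.entity_id = e.entity_id
WHERE e.type = 'USER' AND e.name = 'jdoe';

-- Before: list which TOTP attributes exist. attribute_value is deliberately
-- left out so the secret does not end up in terminal scrollback or logs.
SELECT user_id, attribute_name
FROM guacamole_user_attribute
WHERE user_id = @uid
  AND attribute_name IN ('guac-totp-key-secret', 'guac-totp-key-confirmed');

-- Remove both the key and its confirmed flag. If the name lookup found
-- nothing, @uid is NULL and this matches no rows.
DELETE FROM guacamole_user_attribute
WHERE user_id = @uid
  AND attribute_name IN ('guac-totp-key-secret', 'guac-totp-key-confirmed');

-- Sanity check: at most 2 rows are expected here. Anything else means the
-- WHERE clause is wrong and the transaction should be rolled back.
SELECT ROW_COUNT() AS rows_deleted;

-- After: should now return no rows for this user.
SELECT user_id, attribute_name
FROM guacamole_user_attribute
WHERE user_id = @uid
  AND attribute_name LIKE 'guac-totp-key-%';

COMMIT;  -- use ROLLBACK instead if rows_deleted was not what you expected
```

Until the user logs in and enrolls again, the account is protected by the password alone, so do the reset when the user is ready to re-enroll.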